[33421] in Kerberos
Re: Instant Messaging client-server solution?
daemon@ATHENA.MIT.EDU (Jaap Winius)
Tue May 24 14:01:05 2011
Message-ID: <20110524195822.10991fhzxz92c9no@bitis.umrk.nl>
Date: Tue, 24 May 2011 19:58:22 +0200
From: Jaap Winius <jwinius@umrk.nl>
To: Russ Allbery <rra@stanford.edu>
In-Reply-To: <87y61wqcld.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Content-Disposition: inline
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Quoting Russ Allbery <rra@stanford.edu>:
> Ah, yeah, if there are forward/reverse DNS lookup problems, that might
> explain the difficulties.
Maybe, maybe not. Still not working for me. But, it's supposed to be a
Kerberized app, so a single interface is probably the right way to go.
> And yeah, we found this almost entirely opaque too. When it works, it
> just works, but if it doesn't work, it's remarkably difficult to get any
> sort of debugging information about why.
However, when it works, it's supposed to pick up a TGT and cache it in
a credentials file in /tmp, right? At the moment that's not happening
for me, even though in the admin console under System Properties it
says:
sasl.gssapi.config /etc/openfire/gss.conf (or jaas.conf)
sasl.gssapi.debug true
sasl.mechs GSSAPI
update.lastCheck 1306240531243
xmpp.auth.anonymous true
BTW, the Stanford IT Lab blog article on Openfire seems to suggest
that the additional code from MIT (which produces a single file,
mitopenfire.jar) is only necessary for the JAAS setup. Is that correct?
Cheers,
Jaap
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
